Search results 51-100 of 111
  • 51.
    Misra, Prasant
    et al.
    RISE, Swedish ICT, SICS.
    Mottola, Luca
    RISE, Swedish ICT, SICS, Computer Systems Laboratory.
    Raza, Shahid
    RISE, Swedish ICT, SICS, Security Lab.
    Duquennoy, Simon
    RISE, Swedish ICT, SICS, Computer Systems Laboratory.
    Tsiftes, Nicolas
    RISE, Swedish ICT, SICS, Computer Systems Laboratory.
    Höglund, Joel
    RISE, Swedish ICT, SICS, Computer Systems Laboratory.
    Voigt, Thiemo
    RISE, Swedish ICT, SICS, Computer Systems Laboratory.
    Supporting Cyber-Physical Systems with Wireless Sensor Networks: An Outlook of Software and Services. 2013. In: Journal of the Indian Institute of Science, ISSN 0970-4140, Vol. 93, p. 441-462. Article in journal (Refereed).
    Abstract [en]

    Sensing, communication, computation and control technologies are the essential building blocks of a cyber-physical system (CPS). Wireless sensor networks (WSNs) are a way to support CPS as they provide fine-grained spatial-temporal sensing, communication and computation at a low premium of cost and power. In this article, we explore the fundamental concepts guiding the design and implementation of WSNs. We report the latest developments in WSN software and services for meeting existing requirements and newer demands; particularly in the areas of: operating system, simulator and emulator, programming abstraction, virtualization, IP-based communication and security, time and location, and network monitoring and management. We also reflect on the ongoing efforts in providing dependable assurances for WSN-driven CPS. Finally, we report on its applicability with a case-study on smart buildings.

  • 52.
    Misra, Prasant
    et al.
    RISE, Swedish ICT, SICS. Indian Institute of Science, India.
    Raza, Shahid
    RISE, Swedish ICT, SICS, Security Lab.
    Rajaraman, Vasanth
    Indian Institute of Science, India.
    Warrior, Jay
    Indian Institute of Science, India.
    Voigt, Thiemo
    RISE, Swedish ICT, SICS, Computer Systems Laboratory. Uppsala University, Sweden.
    Security Challenges in Indoor Location Sensing using Bluetooth LE Broadcast. 2015. In: EWSN 2015: Poster/Demo Session, 2015, 7, p. 11-12. Conference paper (Refereed).
    Abstract [en]

    As we consider a new generation of Internet of Things and Humans (IoTH) applications that place humans at the epicenter of the control system, the need to gather information from the immediate vicinity, in addition to global clues, is gaining importance. The loosely coupled Bluetooth Low Energy (BLE) data collection framework enables a new way of architecting IoTH systems where resource-constrained BLE advertisers broadcast events, and devices inevitably carried by humans (such as smartphones) implicitly gather such notifications. While such a mechanism significantly alleviates data scavenging, it introduces serious limitations in terms of operational security. In this work, we show the applicability of BLE broadcast advertisements for indoor location sensing (as part of an IoTH application) and demonstrate an attack on the same system. Based on this preliminary case study, we discuss other security implications of BLE broadcasting.

  • 53.
    Mohanty, Manoranjan
    et al.
    RISE, Swedish ICT, SICS.
    Do, Viktor
    RISE, Swedish ICT, SICS.
    Gehrmann, Christian
    RISE, Swedish ICT, SICS, Security Lab.
    Media Data Protection during Execution on Mobile Platforms – A Review. 2014. Report (Other academic).
    Abstract [en]

    Multimedia content streaming has become an essential part of digital life. The media-on-demand (e.g., video on demand) services of certain enterprises, such as Netflix, Hulu and Amazon, are changing the equations in which media content is accessed. The days when one had to buy a bulk of media storage devices, or had to wait for public broadcasting (e.g., television), to enjoy her preferred media have gone. Such a change in the way of entertainment, however, has created new issues of piracy and unauthorized media access. To counter these concerns, digital rights management (DRM) protection schemes have been adopted. In this report, we investigate one of the most important aspects of DRM technology: the problem of protecting the clear-text media content when playing license-protected content on a mobile device. To this end, we first investigate how this problem has been addressed on different platforms and CPU architectures so far, and then discuss how virtualization technologies can potentially be used to protect the media pipe on mobile platforms. Our study considers both industry-level and academic-level works, and discusses the hardware-based and software-based approaches.

  • 54.
    Paladi, Nicolae
    RISE, Swedish ICT, SICS, Security Lab.
    Towards secure SDN policy management. 2015. In: 2015 IEEE/ACM 8th International Conference on Utility and Cloud Computing (UCC), 2015, 10, p. 607-611, article id 7431482. Conference paper (Refereed).
    Abstract [en]

    Software-Defined Networking (SDN) has emerged as a novel network architectural model that facilitates management of large-scale networks, enables efficient network virtualisation and scalable network multi-tenancy. Centralised network controllers, an important component in the SDN paradigm, deploy on the data plane devices network policies from several independent sources, defined based on a global network view. While this approach allows network connectivity to be managed efficiently and reduces the time and cost of deploying new configurations, it also increases the risk of errors – either introduced by accident, through a combination with previous policies, or by a motivated adversary. In this position paper we review the state of the art for network policy verification for SDN deployments, identify existing challenges and outline a secure framework for network policy management in SDN deployments. Combined with existing work on cloud platform and storage security, this will contribute towards creating secure and trusted cloud deployments.

  • 55.
    Paladi, Nicolae
    RISE, Swedish ICT, SICS, Security Lab.
    Trusted Computing and Secure Virtualization in Cloud Computing. 2012. Independent thesis, Advanced level (degree of Master (Two Years)). Student thesis.
    Abstract [en]

    Large-scale deployment and use of cloud computing in industry is accompanied, and at the same time hampered, by concerns regarding protection of data handled by cloud computing providers. One of the consequences of moving data processing and storage off company premises is that organizations have less control over their infrastructure. As a result, cloud service (CS) clients must trust that the CS provider is able to protect their data and infrastructure from both external and internal attacks. Currently, however, such trust can only rely on organizational processes declared by the CS provider and cannot be remotely verified and validated by an external party. Enabling the CS client to verify the integrity of the host where the virtual machine instance will run, as well as to ensure that the virtual machine image has not been tampered with, are some steps towards building trust in the CS provider. Having the tools to perform such verifications prior to the launch of the VM instance allows the CS clients to decide at runtime whether certain data should be stored on, or calculations should be made on, the VM instance offered by the CS provider. This thesis combines three components -- trusted computing, virtualization technology and cloud computing platforms -- to address issues of trust and security in public cloud computing environments. Of the three components, virtualization technology has had the longest evolution and is a cornerstone for the realization of cloud computing. Trusted computing is a recent industry initiative that aims to implement the root of trust in a hardware component, the trusted platform module. The initiative has been formalized in a set of specifications and is currently at version 1.2. Cloud computing platforms pool virtualized computing, storage and network resources in order to serve a large number of customers that use a multi-tenant multiplexing model to offer on-demand self-service over a broad network. Open source cloud computing platforms are, similar to trusted computing, a fairly recent technology in active development. The issue of trust in public cloud environments is addressed by examining the state of the art within cloud computing security and subsequently addressing the issues of establishing trust in the launch of a generic virtual machine in a public cloud environment. As a result, the thesis proposes a trusted launch protocol that allows CS clients to verify and ensure the integrity of the VM instance at launch time, as well as the integrity of the host where the VM instance is launched. The protocol relies on the use of a Trusted Platform Module (TPM) for key generation and data protection. The TPM also plays an essential part in the integrity attestation of the VM instance host. Along with a theoretical, platform-agnostic protocol, the thesis also describes a detailed implementation design of the protocol using the OpenStack cloud computing platform. In order to verify the implementability of the proposed protocol, a prototype implementation has been built using a distributed deployment of OpenStack. While the protocol covers only the trusted launch procedure using generic virtual machine images, it presents a step aimed to contribute towards the creation of a secure and trusted public cloud computing environment.

  • 56.
    Paladi, Nicolae
    et al.
    RISE, Swedish ICT, SICS, Security Lab.
    Aslam, Mudassar
    RISE, Swedish ICT, SICS.
    Gehrmann, Christian
    RISE, Swedish ICT, SICS, Security Lab.
    Trusted Geolocation-Aware Data Placement in Infrastructure Clouds. 2014. Conference paper (Refereed).
    Abstract [en]

    Data geolocation in the cloud is becoming an increasingly pressing problem, aggravated by incompatible legislation in different jurisdictions and compliance requirements of data owners. In this work we present a mechanism allowing cloud users to control the geographical location of their data, stored or processed in plaintext on the premises of Infrastructure-as-a-Service cloud providers. We use trusted computing principles and remote attestation to establish platform state. We enable cloud users to confine plaintext data exclusively to the jurisdictions they specify, by sealing decryption keys used to obtain plaintext data to the combination of cloud host geolocation and platform state. We provide a detailed description of the implementation as well as performance measurements on an open source cloud infrastructure platform using commodity hardware.
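
    The sealing step this abstract describes (a decryption key released only when host geolocation and platform state match what the key was sealed to), and the TPM-based trusted launch of entry 55, can be illustrated with a small simulation of TPM seal/unseal semantics. The code below is an added example, not the paper's protocol and not a real TPM2 API: the boot-chain blobs, the country-code geolocation tag, and the assumption that the provider attests that tag are all constructed for the demonstration.

```python
import hashlib
import hmac
import secrets

# Simulation of TPM seal/unseal semantics: a data key is sealed to a policy over
# (platform state, geolocation tag) and is released only to a host whose current
# state reproduces that policy. Illustrative code, not a real TPM2 implementation.


def extend_pcr(pcr: bytes, measurement: bytes) -> bytes:
    """TPM-style extend: PCR_new = SHA-256(PCR_old || SHA-256(measurement))."""
    return hashlib.sha256(pcr + hashlib.sha256(measurement).digest()).digest()


def measure_boot(components) -> bytes:
    """Replay an (assumed) boot chain of firmware/kernel/hypervisor blobs into one PCR."""
    pcr = bytes(32)  # PCRs start all-zero after reset
    for blob in components:
        pcr = extend_pcr(pcr, blob)
    return pcr


def policy_digest(pcr: bytes, geolocation: str) -> bytes:
    """Policy a key is sealed to: expected PCR value plus the host's geolocation tag.
    Assumption: the provider attests the tag. On a real TPM the tag would itself be
    extended into a PCR and the policy expressed with TPM2_PolicyPCR."""
    return hashlib.sha256(b"pcr:" + pcr + b"|geo:" + geolocation.encode("ascii")).digest()


class SimulatedTPM:
    """Holds a storage root secret that never leaves the device. One instance stands
    in for all hosts below so that only the policy (state, location) varies."""

    def __init__(self) -> None:
        self._srk = secrets.token_bytes(32)

    def _wrap_key(self, nonce: bytes, policy: bytes) -> bytes:
        return hmac.new(self._srk, b"seal|" + nonce + policy, hashlib.sha256).digest()

    def seal(self, data_key: bytes, policy: bytes) -> dict:
        """Seal a 32-byte key: XOR with a per-blob wrapping key, then MAC the blob."""
        assert len(data_key) == 32
        nonce = secrets.token_bytes(16)  # fresh per blob, so wrapping keys never repeat
        wk = self._wrap_key(nonce, policy)
        ct = bytes(a ^ b for a, b in zip(data_key, wk))
        tag = hmac.new(wk, nonce + ct, hashlib.sha256).digest()
        return {"nonce": nonce, "ct": ct, "tag": tag}

    def unseal(self, blob: dict, current_policy: bytes) -> bytes:
        """Release the key only if the policy recomputed from the *current* state matches.
        A different PCR value or geolocation gives a different wrapping key, the MAC
        check fails, and no key material is released."""
        wk = self._wrap_key(blob["nonce"], current_policy)
        expected = hmac.new(wk, blob["nonce"] + blob["ct"], hashlib.sha256).digest()
        if not hmac.compare_digest(expected, blob["tag"]):
            raise PermissionError("unseal refused: platform state or geolocation changed")
        return bytes(a ^ b for a, b in zip(blob["ct"], wk))


def geolocation_sealing_demo() -> dict:
    """Seal a tenant's storage key to (trusted boot chain, 'SE') and try to unseal it on
    three hosts. Returns which attempts recovered the key. All inputs are constructed."""
    trusted_chain = [b"firmware-v1", b"kernel-5.x", b"hypervisor-good"]
    tampered_chain = [b"firmware-v1", b"kernel-5.x", b"hypervisor-backdoored"]

    tpm = SimulatedTPM()
    data_key = secrets.token_bytes(32)
    sealed = tpm.seal(data_key, policy_digest(measure_boot(trusted_chain), "SE"))

    attempts = {
        "trusted_host_in_SE": (trusted_chain, "SE"),
        "tampered_host_in_SE": (tampered_chain, "SE"),
        "trusted_host_in_US": (trusted_chain, "US"),
    }
    results = {}
    for name, (chain, geo) in attempts.items():
        try:
            released = tpm.unseal(sealed, policy_digest(measure_boot(chain), geo))
            results[name] = released == data_key
        except PermissionError:
            results[name] = False
    return results


if __name__ == "__main__":
    print(geolocation_sealing_demo())
```

    The property to take away is that the unseal decision is made from the host's current measurements, not from a claim the host makes about itself; the caveat is that the geolocation input is only as trustworthy as the attestation that feeds it, which is exactly the part the simulation assumes away.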

  • 57.
    Paladi, Nicolae
    et al.
    RISE, Swedish ICT, SICS, Security Lab.
    Gehrmann, Christian
    RISE, Swedish ICT, SICS, Security Lab.
    Towards Secure Multi-tenant Virtualized Networks. 2015. In: 2015 IEEE Trustcom/BigDataSE/ISPA, 2015, 7, Vol. 1, p. 1180-1185, article id 7345410. Conference paper (Refereed).
    Abstract [en]

    Network virtualization enables multi-tenancy over physical network infrastructure, with a side-effect of increased network complexity. Software-defined networking (SDN) is a novel network architectural model – one where the control plane is separated from the data plane by a standardized API – which aims to reduce the network management overhead. However, as the SDN model itself is evolving, its application to multi-tenant virtualized networks raises multiple security challenges. In this paper, we present a security analysis of SDN-based multi-tenant virtualized networks: we outline the security assumptions applicable to such networks, define the relevant adversarial model, identify the main attack vectors for such network infrastructure deployments and finally synthesize a set of high-level security requirements for SDN-based multi-tenant virtualized networks. This paper sets the foundation for future design of secure SDN-based multi-tenant virtualized networks.

  • 58.
    Paladi, Nicolae
    et al.
    RISE, Swedish ICT, SICS, Security Lab.
    Gehrmann, Christian
    RISE, Swedish ICT, SICS, Security Lab.
    TruSDN: Bootstrapping trust in cloud network infrastructure. 2017. In: Security and Privacy in Communication Networks, 2017, p. 104-124. Conference paper (Refereed).
    Abstract [en]

    Software-Defined Networking (SDN) is a novel architectural model for cloud network infrastructure, improving resource utilization, scalability and administration. SDN deployments increasingly rely on virtual switches executing on commodity operating systems with large code bases, which are prime targets for adversaries attacking the network infrastructure. We describe and implement TruSDN, a framework for bootstrapping trust in SDN infrastructure using Intel Software Guard Extensions (SGX), allowing SDN components to be securely deployed and communication between network endpoints to be protected. We introduce ephemeral flow-specific pre-shared keys and propose a novel defense against cuckoo attacks on SGX enclaves. TruSDN is secure under a powerful adversary model, with a minor performance overhead.

  • 59.
    Paladi, Nicolae
    et al.
    RISE, Swedish ICT, SICS, Security Lab.
    Gehrmann, Christian
    RISE, Swedish ICT, SICS, Security Lab.
    Aslam, Mudassar
    RISE, Swedish ICT, SICS.
    Morenius, Fredric
    Trusted Launch of Virtual Machine Instances in Public IaaS Environments. 2013. In: Lecture Notes in Computer Science, 2013, 12. Conference paper (Refereed).
    Abstract [en]

    Cloud computing and Infrastructure-as-a-Service (IaaS) are emerging and promising technologies, however their adoption is hampered by data security concerns. At the same time, Trusted Computing (TC) is experiencing an increasing interest as a security mechanism for IaaS. In this paper we present a protocol to ensure the launch of a virtual machine (VM) instance on a trusted remote compute host. Relying on Trusted Platform Module operations such as binding and sealing to provide integrity guarantees for clients that require a trusted VM launch, we have designed a trusted launch protocol for VM instances in public IaaS environments. We also present a proof-of-concept implementation of the protocol based on OpenStack, an open-source IaaS platform. The results provide a basis for the use of TC mechanisms within IaaS platforms and pave the way for a wider applicability of TC to IaaS security.

  • 60.
    Paladi, Nicolae
    et al.
    RISE, Swedish ICT, SICS, Security Lab.
    Gehrmann, Christian
    RISE, Swedish ICT, SICS, Security Lab.
    Aslam, Mudassar
    RISE, Swedish ICT, SICS.
    Morenius, Fredric
    Trusted Launch of Virtual Machine Instances in Public IaaS Environments. 2013. In: Lecture Notes in Computer Science, Vol. 7839, p. 309-323. Article in journal (Refereed).
    Abstract [en]

    Cloud computing and Infrastructure-as-a-Service (IaaS) are emerging and promising technologies, however their adoption is hampered by data security concerns. At the same time, Trusted Computing (TC) is experiencing an increasing interest as a security mechanism for IaaS. In this paper we present a protocol to ensure the launch of a virtual machine (VM) instance on a trusted remote compute host. Relying on Trusted Platform Module operations such as binding and sealing to provide integrity guarantees for clients that require a trusted VM launch, we have designed a trusted launch protocol for VM instances in public IaaS environments. We also present a proof-of-concept implementation of the protocol based on OpenStack, an open-source IaaS platform. The results provide a basis for the use of TC mechanisms within IaaS platforms and pave the way for a wider applicability of TC to IaaS security.

  • 61.
    Paladi, Nicolae
    et al.
    RISE, Swedish ICT, SICS, Security Lab.
    Gehrmann, Christian
    RISE, Swedish ICT, SICS, Security Lab.
    Morenius, Fredric
    Domain-Based Storage Protection (DBSP) in Public Infrastructure Clouds. 2013. Conference paper (Refereed).
    Abstract [en]

    Confidentiality and integrity of data in Infrastructure-as-a-Service (IaaS) environments increase in relevance as adoption of IaaS advances towards maturity. While current solutions assume a high degree of trust in IaaS provider staff and infrastructure management processes, earlier incidents have demonstrated that neither are impeccable. In this paper we introduce Domain-Based Storage Protection (DBSP), a data confidentiality and integrity protection mechanism for IaaS environments, which relies on trusted computing principles to provide transparent storage isolation between IaaS clients. We describe the building blocks of this mechanism and provide a set of detailed protocols for generation and handling of keys for confidentiality and integrity protection of data stored by guest VM instances. The protocols assume an untrusted IaaS provider and aim to prevent both malicious and accidental faulty configurations that could lead to a breach of data confidentiality and integrity in IaaS deployments.

  • 62.
    Paladi, Nicolae
    et al.
    RISE, Swedish ICT, SICS, Security Lab.
    Gehrmann, Christian
    RISE, Swedish ICT, SICS, Security Lab.
    Morenius, Fredric
    State of The Art and Hot Aspects in Cloud Data Storage Security. 2013. Report (Other academic).
    Abstract [en]

    Along with the evolution of cloud computing and cloud storage towards maturity, researchers have analyzed an increasing range of cloud computing security aspects, data security being an important topic in this area. In this paper, we examine the state of the art in cloud storage security through an overview of selected peer-reviewed publications. We address the question of defining cloud storage security and its different aspects, as well as enumerate the main vectors of attack on cloud storage. The reviewed papers present techniques for key management and controlled disclosure of encrypted data in cloud storage, while novel ideas regarding secure operations on encrypted data and methods for protection of data in fully virtualized environments provide a glimpse of the toolbox available for securing cloud storage. Finally, new challenges such as emergent government regulation call for solutions to problems that did not receive enough attention in earlier stages of cloud computing, such as for example the geographical location of data. The methods presented in the papers selected for this review represent only a small fraction of the wide research effort within cloud storage security. Nevertheless, they serve as an indication of the diversity of problems that are being addressed.

  • 63.
    Paladi, Nicolae
    et al.
    RISE, Swedish ICT, SICS, Security Lab.
    Karlsson, Linus
    RISE - Research Institutes of Sweden, ICT, SICS.
    Safeguarding VNF Credentials with Intel SGX. 2017. In: SIGCOMM Posters and Demos '17, Proceedings of the SIGCOMM Posters and Demos, Association for Computing Machinery (ACM), 2017, p. 144-146. Conference paper (Refereed).
    Abstract [en]

    Operators use containers – enabled by operating system (OS) level virtualization – to deploy virtual network functions (VNFs) that access the centralized network controller in software-defined networking (SDN) deployments. While SDN allows flexible network configuration, it also increases the attack surface on the network deployment [8]. For example, insecure communication channels may be tapped to extract or inject sensitive data transferred on the north-bound interface, between the network controller and VNFs; furthermore, to protect the network controller from malicious VNF instances, the integrity and authenticity of VNFs must be verified prior to deployment. To mitigate the risks described above, we implemented a prototype that leverages hardware-based mechanisms for isolated execution implemented by Intel SGX in combination with a run-time integrity measurement subsystem, namely the Linux Integrity Measurement Architecture (IMA). This prototype is a first step towards providing to tenants and end-users integrity guarantees regarding the network components in SDN deployments.
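
    The "verify VNF integrity before deployment" step above boils down to comparing what IMA measured against what the operator approved. The code below is an added example of that comparison, not the prototype from the abstract: it parses lines in the layout of /sys/kernel/security/ima/ascii_runtime_measurements (ima-ng and ima-sig templates) and classifies each measured file against an allowlist. The paths, hashes and signature value are constructed sample data.

```python
import hashlib
from dataclasses import dataclass
from typing import Dict, List, Optional

# Added example: check a Linux IMA measurement list against an allowlist of approved
# VNF image hashes. Line layout (ima-ng / ima-sig templates):
#   <pcr> <template-hash> <template> <algo>:<file-hash> <path> [<signature>]


@dataclass
class Measurement:
    pcr: int
    template_hash: str
    template: str
    algo: str
    file_hash: str
    path: str
    signature: Optional[str] = None


def parse_ima_line(line: str) -> Measurement:
    """Parse one measurement line. Paths containing whitespace are not handled here."""
    fields = line.split()
    if len(fields) < 5:
        raise ValueError(f"malformed IMA line: {line!r}")
    template = fields[2]
    if template not in ("ima-ng", "ima-sig"):
        raise ValueError(f"unsupported template {template!r} in line {line!r}")
    algo, sep, file_hash = fields[3].partition(":")
    if not sep:
        raise ValueError(f"missing hash algorithm in line {line!r}")
    signature = fields[5] if template == "ima-sig" and len(fields) > 5 else None
    return Measurement(int(fields[0]), fields[1], template, algo, file_hash, fields[4], signature)


def verify_vnf_measurements(log: str, allowlist: Dict[str, str]) -> Dict[str, List[str]]:
    """Classify every measured file as ok / mismatch / unknown relative to the allowlist.
    Anything not 'ok' means the host must not be admitted to the controller channel."""
    report: Dict[str, List[str]] = {"ok": [], "mismatch": [], "unknown": []}
    for line in log.splitlines():
        if not line.strip():
            continue
        m = parse_ima_line(line)
        if m.path == "boot_aggregate":
            continue  # digest of the boot-time PCRs; verified via the TPM quote, not here
        expected = allowlist.get(m.path)
        if expected is None:
            report["unknown"].append(m.path)
        elif m.algo == "sha256" and m.file_hash == expected:
            report["ok"].append(m.path)
        else:
            report["mismatch"].append(m.path)  # wrong hash, or a weaker algorithm than policy
    return report


# --- constructed sample data (not real measurements) ---------------------------

def _h256(label: str) -> str:
    return hashlib.sha256(label.encode()).hexdigest()


def _tmpl(label: str) -> str:
    return hashlib.sha1(label.encode()).hexdigest()  # 40 hex chars, like the real field


SAMPLE_ALLOWLIST = {
    "/usr/bin/firewall-vnf": _h256("firewall-vnf image v1.2"),
    "/usr/bin/lb-vnf": _h256("lb-vnf image v2.0"),
    "/usr/bin/dpi-vnf": _h256("dpi-vnf image v3.0"),
}

SAMPLE_LOG = "\n".join([
    f"10 {_tmpl('boot')} ima-ng sha256:{_h256('boot aggregate')} boot_aggregate",
    f"10 {_tmpl('fw')} ima-ng sha256:{_h256('firewall-vnf image v1.2')} /usr/bin/firewall-vnf",
    f"10 {_tmpl('lb')} ima-sig sha256:{_h256('lb-vnf image v2.0')} /usr/bin/lb-vnf 030204deadbeef",
    f"10 {_tmpl('dpi')} ima-ng sha256:{_h256('dpi-vnf image v3.0 trojaned')} /usr/bin/dpi-vnf",
    f"10 {_tmpl('sh')} ima-ng sha256:{_h256('busybox')} /tmp/debug-shell",
])


if __name__ == "__main__":
    print(verify_vnf_measurements(SAMPLE_LOG, SAMPLE_ALLOWLIST))
```

    Two caveats a practitioner would add: the list is only evidence if it is bound to the platform, by replaying the template hashes into PCR 10 and checking a TPM quote (or, in the setting of this abstract, by having an enclave attest it), since an already compromised host can otherwise present any list it likes; and IMA's default file hash is SHA-1 unless the kernel is booted with ima_hash=sha256, which is why the check above refuses anything but sha256 entries.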

  • 64.
    Paladi, Nicolae
    et al.
    RISE, Swedish ICT, SICS, Security Lab.
    Michalas, Antonis
    RISE, Swedish ICT, SICS.
    "One of Our Hosts in Another Country": Challenges of Data Geolocation in Cloud Storage. 2014. Conference paper (Refereed).
    Abstract [en]

    Physical location of data in cloud storage is an increasingly urgent problem. In a short time, it has evolved from the concern of a few regulated businesses to an important consideration for many cloud storage users. One of the characteristics of cloud storage is fluid transfer of data both within and among the data centres of a cloud provider. However, this has weakened the guarantees with respect to control over data replicas, protection of data in transit and physical location of data. This paper addresses the lack of reliable solutions for data placement control in cloud storage systems. We analyse the currently available solutions and identify their shortcomings. Furthermore, we describe a high-level architecture for a trusted, geolocation-based mechanism for data placement control in distributed cloud storage systems, which are the basis of an on-going work to define the detailed protocol and a prototype of such a solution. This mechanism aims to provide granular control over the capabilities of tenants to access data placed on geographically dispersed storage units comprising the cloud storage.

  • 65.
    Paladi, Nicolae
    et al.
    RISE, Swedish ICT, SICS, Security Lab.
    Michalas, Antonis
    RISE, Swedish ICT, SICS.
    Gehrmann, Christian
    RISE, Swedish ICT, SICS, Security Lab.
    Domain Based Storage Protection with Secure Access Control for the Cloud. 2014. In: Proceedings of the 2nd International Workshop on Security in Cloud Computing, ACM, 2014, 17, p. 35-42. Conference paper (Refereed).
    Abstract [en]

    Cloud computing has evolved from a promising concept to one of the fastest growing segments of the IT industry. However, many businesses and individuals continue to view cloud computing as a technology that risks exposing their data to unauthorized users. We introduce a data confidentiality and integrity protection mechanism for Infrastructure-as-a-Service (IaaS) clouds, which relies on trusted computing principles to provide transparent storage isolation between IaaS clients. We also address the absence of reliable data sharing mechanisms, by providing an XML-based language framework which enables clients of IaaS clouds to securely share data and clearly define access rights granted to peers. The proposed improvements have been prototyped as a code extension for a popular cloud platform.

  • 67.
    Papatheocharous, Efi
    et al.
    RISE, Swedish ICT, SICS, Software and Systems Engineering Laboratory.
    Michalas, Antonis
    RISE, Swedish ICT, SICS.
    Gehrmann, Christian
    RISE, Swedish ICT, SICS, Security Lab.
    A Holistic Data Privacy and Security by Design Platform-as-a-Service Framework Introducing Distributed Encrypted Persistence in Cloud-based Applications. 2015. In: Evaluation of Novel Approaches to Software Engineering (ENASE 15), Barcelona, Spain: ENASE 2015/SCITEPRESS, 2015, 14. Conference paper (Refereed).
    Abstract [en]

    PaaSword’s vision is three-fold; i) maximize and fortify the trust of individual, professional and corporate customers to Cloud-enabled services and applications; ii) safeguard both corporate and personal sensitive data stored on Cloud infrastructures and Cloud-based storage services, and iii) enable the acceleration of Cloud computing technologies adoption and paradigm shift in the European industry. PaaSword will introduce a holistic data privacy and security by design framework enhanced by sophisticated context-aware policy access models and robust policy access, decision, enforcement and governance mechanisms, which will enable the implementation of secure and transparent Cloud-based applications and services, that will maintain a fully distributed and totally encrypted data persistence layer, and, thus, will ensure data protection, integrity and confidentiality, even in the case wherein there is no control over the underlying third-party Cloud resources utilised.

  • 68.
    Papatheocharous, Efi
    et al.
    RISE, Swedish ICT, SICS, Software and Systems Engineering Laboratory.
    Petersen, Kai
    Blekinge Institute of Technology, Sweden.
    Cicchetti, Antonio
    Mälardalen University, Sweden.
    Sentilles, Severine
    Mälardalen University, Sweden.
    Shah, Syed Muhammad Ali
    RISE, Swedish ICT, SICS, Security Lab.
    Gorschek, Tony
    Blekinge Institute of Technology, Sweden.
    Decision support for choosing architectural assets in the development of software-intensive systems: The GRADE taxonomy. 2015. In: Proceedings of the 2015 European Conference on Software Architecture Workshops (ECSAW '15), 2015, 8, article id a48. Conference paper (Refereed).
    Abstract [en]

    Engineering software-intensive systems is a complex process that typically involves making many critical decisions. A continuous challenge during system design, analysis and development is deciding on the reference architecture that could reduce risks and deliver the expected functionality and quality of a product or a service to its users. The lack of evidence in documenting strategies supporting decision-making in the selection of architectural assets in systems and software engineering creates an impediment in learning, improving and also reducing the risks involved. In order to fill this gap, ten experienced researchers in the field of decision support for the selection of architectural assets in engineering software-intensive systems conducted a workshop to reduce traceability of strategies and define a dedicated taxonomy. The result was the GRADE taxonomy, whose key elements can be used to support decision-making as exemplified through a real case instantiation for validation purposes. The overall aim is to support future work of researchers and practitioners in decision-making in the context of architectural assets in the development of software-intensive systems. The taxonomy may be used in three ways: (i) identify new opportunities in structuring decisions; (ii) support the review of alternatives and enable informed decisions; and (iii) evaluate decisions by describing in a retrospective fashion decisions, factors impacting the decision and the outcome.

  • 69.
    Piñol Piñol, Oriol
    et al.
    Yanzi Networks AB, Sweden.
    Raza, Shahid
    RISE, Swedish ICT, SICS, Security Lab.
    Eriksson, Joakim
    RISE, Swedish ICT, SICS, Computer Systems Laboratory. Yanzi Networks AB, Sweden.
    Voigt, Thiemo
    RISE, Swedish ICT, SICS, Computer Systems Laboratory.
    BSD-based ECC for the Contiki OS. 2015. In: EWSN 2015: Posters and Demos, 2015, 6, p. 15-16. Conference paper (Refereed).
    Abstract [en]

    Security has arisen as an important issue for the Internet of Things (IoT). Efficient ways to provide secure communication between devices and sensors are crucial for IoT devices, which are becoming more and more used and spread in a variety of fields. In this context, Elliptic Curve Cryptography (ECC) is considered a strong candidate to provide security while being able to function in an environment with strong requirements and limitations such as wireless sensor networks (WSN). Furthermore, it is a valid candidate to be used in industry solutions.

    In this demo we show a real use case of Elliptic Curve Cryptography for key establishment in combination with symmetric AES encryption. The demo will show the use of a BSD-licensed ECC library for the Contiki OS running on Yanzi Networks Contiki-based nodes that will securely communicate with a Yanzi Gateway.

  • 70.
    Piñol Piñol, Oriol
    et al.
    Yanzi Networks AB, Sweden.
    Raza, Shahid
    RISE, Swedish ICT, SICS, Security Lab.
    Eriksson, Joakim
    RISE, Swedish ICT, SICS, Computer Systems Laboratory. Yanzi Networks AB, Sweden.
    Voigt, Thiemo
    RISE, Swedish ICT, SICS, Computer Systems Laboratory. Uppsala University, Sweden.
    BSD-based Elliptic Curve Cryptography for the Open Internet of Things. 2015. In: 2015 7th International Conference on New Technologies, Mobility and Security (NTMS), 2015, 6, article id 7266475. Conference paper (Refereed).
    Abstract [en]

    The Internet of Things (IoT) is the interconnection of everyday physical objects with the Internet and their representation in the digital world. Due to the connectivity of physical objects with the untrusted Internet, security has become an important pillar for the success of IoT-based services. Things in the IoT are resource-constrained devices with limited processing and storage capabilities. Often, these things are battery powered and connected through lossy wireless links. Therefore, lightweight and efficient ways of providing secure communication in the IoT are needed. In this context, Elliptic Curve Cryptography (ECC) is considered as a strong candidate to provide security in the IoT while being able to function in constrained environments. In this paper we present a lightweight implementation and evaluation of ECC for the Contiki OS. For fast, secure and cost-effective mass development of IoT-based services by different vendors, it is important that the IoT protocols are implemented and released as open source and open licensed. To the best of our knowledge our ECC is the first lightweight BSD-licensed ECC for the IoT devices. We show the feasibility of our implementation by a thorough performance analysis using several implementations and optimization algorithms. Moreover, we evaluate it on a real IoT hardware platform.
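
    Entries 69 and 70 both describe ECC used for key establishment with the agreed secret then handed to symmetric AES. The following is an added example of that handoff, written here in pure Python on NIST P-256 with HKDF-SHA256 deriving the AES-128 key; it is not the BSD-licensed Contiki library the papers present, and the curve choice, the HKDF parameters and the "node"/"gateway" roles are assumptions made for the demonstration.

```python
import hashlib
import hmac
import secrets
from typing import Optional, Tuple

# Added example: ECDH on NIST P-256 (affine coordinates) followed by HKDF-SHA256 to
# derive an AES-128 key. Illustrative only; not the Contiki ECC implementation.

P = 0xffffffff00000001000000000000000000000000ffffffffffffffffffffffff
A = P - 3
B = 0x5ac635d8aa3a93e7b3ebbd55769886bc651d06b0cc53b0f63bce3c3e27d2604b
N = 0xffffffff00000000ffffffffffffffffbce6faada7179e84f3b9cac2fc632551
G = (0x6b17d1f2e12c4247f8bce6e563a440f277037d812deb33a0f4a13945d898c296,
     0x4fe342e2fe1a7f9b8ee7eb4a7c0f9e162bce33576b315ececbb6406837bf51f5)

Point = Optional[Tuple[int, int]]  # None is the point at infinity


def is_on_curve(pt: Point) -> bool:
    if pt is None:
        return True
    x, y = pt
    return (y * y - (x * x * x + A * x + B)) % P == 0


def point_add(p1: Point, p2: Point) -> Point:
    if p1 is None:
        return p2
    if p2 is None:
        return p1
    x1, y1 = p1
    x2, y2 = p2
    if x1 == x2 and (y1 + y2) % P == 0:
        return None  # P + (-P) = infinity
    if p1 == p2:
        lam = (3 * x1 * x1 + A) * pow(2 * y1, -1, P) % P
    else:
        lam = (y2 - y1) * pow((x2 - x1) % P, -1, P) % P
    x3 = (lam * lam - x1 - x2) % P
    y3 = (lam * (x1 - x3) - y1) % P
    return (x3, y3)


def scalar_mult(k: int, pt: Point) -> Point:
    # Right-to-left double-and-add. NOT constant time: a deployable node-side
    # implementation needs a constant-time ladder to resist timing/power analysis.
    result, addend = None, pt
    while k:
        if k & 1:
            result = point_add(result, addend)
        addend = point_add(addend, addend)
        k >>= 1
    return result


def generate_keypair() -> Tuple[int, Point]:
    d = secrets.randbelow(N - 1) + 1  # private scalar in [1, N-1]
    return d, scalar_mult(d, G)


def validate_public_key(q: Point) -> bool:
    """Reject infinity, out-of-range coordinates and off-curve points. Skipping this
    enables invalid-curve attacks that recover the private scalar."""
    if q is None:
        return False
    x, y = q
    if not (0 <= x < P and 0 <= y < P):
        return False
    return is_on_curve(q) and scalar_mult(N, q) is None  # P-256 has cofactor 1


def hkdf_sha256(ikm: bytes, salt: bytes, info: bytes, length: int) -> bytes:
    prk = hmac.new(salt, ikm, hashlib.sha256).digest()          # extract
    okm, block, counter = b"", b"", 1
    while len(okm) < length:                                     # expand
        block = hmac.new(prk, block + info + bytes([counter]), hashlib.sha256).digest()
        okm += block
        counter += 1
    return okm[:length]


def derive_aes_key(own_priv: int, peer_pub: Point) -> bytes:
    if not validate_public_key(peer_pub):
        raise ValueError("peer public key rejected")
    shared = scalar_mult(own_priv, peer_pub)
    z = shared[0].to_bytes(32, "big")  # the x-coordinate is the ECDH shared secret
    return hkdf_sha256(z, salt=b"\x00" * 32, info=b"aes-128 link key", length=16)


def key_establishment_demo() -> Tuple[bytes, bytes, bool]:
    """Node and gateway each generate a keypair, exchange public keys and derive the AES
    key. Returns both keys (they must match) and whether an injected off-curve point
    was rejected (it must be)."""
    node_priv, node_pub = generate_keypair()
    gw_priv, gw_pub = generate_keypair()
    k_node = derive_aes_key(node_priv, gw_pub)
    k_gw = derive_aes_key(gw_priv, node_pub)
    bogus = (gw_pub[0], (gw_pub[1] + 1) % P)  # off-curve point an attacker might send
    try:
        derive_aes_key(node_priv, bogus)
        rejected = False
    except ValueError:
        rejected = True
    return k_node, k_gw, rejected


if __name__ == "__main__":
    k1, k2, rejected = key_establishment_demo()
    print(k1.hex(), k1 == k2, rejected)
```

    The derived 16-byte value is what would be loaded into the AES layer (on 802.15.4 radios typically AES-CCM). Two points matter more on a constrained node than the arithmetic itself: validating the peer's point before multiplying by the private scalar, and using a constant-time scalar multiplication, which the plain double-and-add above deliberately is not.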

  • 71.
    Raza, Shahid
    RISE, Swedish ICT, SICS, Security Lab.
    Secure Communication in WirelessHART and its Integration with Legacy HART. 2010. Report (Other academic)
    Abstract [en]

    WirelessHART is a new standard for Industrial Process Automation and Control, formally released in September 2007. WirelessHART specifications are very well organized in all aspects except security: there are no separate specifications that document security requirements, the security is limited and spread throughout the WirelessHART specifications, and it is hard to understand the employed security without reading all the core specifications. This report will provide a comprehensive overview of WirelessHART security; the provided security mechanisms will be analyzed against the possible threats, and solutions will be proposed for the identified shortcomings. The report also comprises the ways to integrate the WirelessHART network with the legacy HART network. Different integration options are provided, and each differs with the kind of legacy HART network already in use. A secure way of integrating HART and WirelessHART is also proposed by enhancing the capabilities of Adapters and connecting them with the HART Masters rather than slave devices. Finally, the architecture of such a Security Manager will be proposed, which will be capable of securing the entire WirelessHART network. A comprehensive and secure key management system is proposed which is capable of random key generation, secure key storage and retrieval, secure and automatic key renewal, timely key revocation, and efficient key distribution.

  • 72.
    Raza, Shahid
    et al.
    RISE, Swedish ICT, SICS, Security Lab.
    Chung, Tony
    Duquennoy, Simon
    RISE, Swedish ICT, SICS, Computer Systems Laboratory.
    Yazar, Dogan
    RISE, Swedish ICT, SICS.
    Voigt, Thiemo
    RISE, Swedish ICT, SICS, Computer Systems Laboratory.
    Roedig, Utz
    Securing Internet of Things with Lightweight IPsec. 2010. Report (Other academic)
    Abstract [en]

    Real-world deployments of wireless sensor networks (WSNs) require secure communication. It is important that a receiver is able to verify that sensor data was generated by trusted nodes. In some cases it may also be necessary to encrypt sensor data in transit. Recently, WSNs and traditional IP networks are more tightly integrated using IPv6 and 6LoWPAN. Available IPv6 protocol stacks can use IPsec to secure data exchange. Thus, it is desirable to extend 6LoWPAN such that IPsec communication with IPv6 nodes is possible. It is beneficial to use IPsec because the existing end-points on the Internet do not need to be modified to communicate securely with the WSN. Moreover, using IPsec, true end-to-end security is implemented and the need for a trustworthy gateway is removed. In this paper we provide End-to-End (E2E) secure communication between IP-enabled sensor nodes and a device on the traditional Internet. This is the first compressed lightweight design, implementation, and evaluation of a 6LoWPAN extension for IPsec on Contiki. Our extension supports both IPsec's Authentication Header (AH) and Encapsulation Security Payload (ESP). Thus, communication endpoints are able to authenticate, encrypt and check the integrity of messages using standardized and established IPv6 mechanisms.

  • 73.
    Raza, Shahid
    et al.
    RISE, Swedish ICT, SICS, Security Lab.
    Dini, Gianluca
    Voigt, Thiemo
    RISE, Swedish ICT, SICS, Computer Systems Laboratory.
    Gidlund, Mikael
    Secure Key Renewal in WirelessHART. 2011. Conference paper (Refereed)
    Abstract [en]

    WirelessHART is a wireless extension to the HART protocol. Even though WirelessHART is designed to be a secure protocol, the loopholes in the key management system make it vulnerable to security threats. The broadcast approach for key renewal mechanisms in WirelessHART is not secure enough to be used in sensitive industrial automation environments, where a breach of security may have catastrophic results. Also, key distribution with unicast communication to each device requires O(n) rekeying messages, where n is the size of the network. In this paper we provide a secure and scalable key renewal protocol for WirelessHART that reduces the communication overhead to O(log n). Our protocol requires far fewer messages than the conventional unicast approach.

  • 74.
    Raza, Shahid
    et al.
    RISE, Swedish ICT, SICS, Security Lab.
    Duquennoy, Simon
    RISE, Swedish ICT, SICS, Computer Systems Laboratory.
    Chung, Tony
    Yazar, Dogan
    RISE, Swedish ICT, SICS.
    Voigt, Thiemo
    RISE, Swedish ICT, SICS, Computer Systems Laboratory.
    Roedig, Utz
    Securing Communication in 6LoWPAN with Compressed IPsec. 2011. Conference paper (Refereed)
    Abstract [en]

    Real-world deployments of wireless sensor networks (WSNs) require secure communication. It is important that a receiver is able to verify that sensor data was generated by trusted nodes. It may also be necessary to encrypt sensor data in transit. Recently, WSNs and traditional IP networks are more tightly integrated using IPv6 and 6LoWPAN. Available IPv6 protocol stacks can use IPsec to secure data exchange. Thus, it is desirable to extend 6LoWPAN such that IPsec communication with IPv6 nodes is possible. It is beneficial to use IPsec because the existing end-points on the Internet do not need to be modified to communicate securely with the WSN. Moreover, using IPsec, true end-to-end security is implemented and the need for a trustworthy gateway is removed. In this paper we provide End-to-End (E2E) secure communication between IP-enabled sensor networks and the traditional Internet. This is the first compressed lightweight design, implementation, and evaluation of a 6LoWPAN extension for IPsec. Our extension supports both IPsec’s Authentication Header (AH) and Encapsulation Security Payload (ESP). Thus, communication endpoints are able to authenticate, encrypt and check the integrity of messages using standardized and established IPv6 mechanisms.

  • 75.
    Raza, Shahid
    et al.
    RISE, Swedish ICT, SICS, Security Lab.
    Duquennoy, Simon
    RISE, Swedish ICT, SICS, Computer Systems Laboratory.
    Höglund, Joel
    RISE, Swedish ICT, SICS, Computer Systems Laboratory.
    Roedig, Utz
    Voigt, Thiemo
    RISE, Swedish ICT, SICS, Computer Systems Laboratory.
    Secure Communication for the Internet of Things: A Comparison of Link-Layer Security and IPsec for 6LoWPAN. 2012. In: Security and Communication Networks, ISSN 1939-0114, E-ISSN 1939-0122. Article in journal (Refereed)
    Abstract [en]

    The future Internet is an IPv6 network interconnecting traditional computers and a large number of smart objects. This Internet of Things (IoT) will be the foundation of many services and our daily life will depend on its availability and reliable operation. Therefore, among many other issues, the challenge of implementing secure communication in the IoT must be addressed. In the traditional Internet, IPsec is the established and tested way of securing networks. It is therefore reasonable to explore the option of using IPsec as a security mechanism for the IoT. Smart objects are generally added to the Internet using IPv6 over Low-power Wireless Personal Area Networks (6LoWPAN), which defines IP communication for resource-constrained networks. Thus, to provide security for the IoT based on the trusted and tested IPsec mechanism, it is necessary to define an IPsec extension of 6LoWPAN. In this paper, we present such a 6LoWPAN/IPsec extension and show the viability of this approach. We describe our 6LoWPAN/IPsec implementation, which we evaluate and compare with our implementation of IEEE 802.15.4 link-layer security. We also show that it is possible to reuse crypto hardware within existing IEEE 802.15.4 transceivers for 6LoWPAN/IPsec. The evaluation results show that IPsec is a feasible option for securing the IoT in terms of packet size, energy consumption, memory usage, and processing time. Furthermore, we demonstrate that in contrast to common belief, IPsec scales better than link-layer security as the data size and the number of hops grow, resulting in time and energy savings. Copyright © 2012 John Wiley & Sons, Ltd.

  • 76.
    Raza, Shahid
    et al.
    RISE, Swedish ICT, SICS, Security Lab.
    Duquennoy, Simon
    RISE, Swedish ICT, SICS, Computer Systems Laboratory.
    Voigt, Thiemo
    RISE, Swedish ICT, SICS, Computer Systems Laboratory.
    Roedig, Utz
    Demo Abstract: Securing Communication in 6LoWPAN with Compressed IPsec. 2011. Conference paper (Refereed)
    Abstract [en]

    With the inception of IPv6 it is possible to assign a unique ID to each device on the planet. Recently, wireless sensor networks and traditional IP networks are more tightly integrated using IPv6 and 6LoWPAN. Real-world deployments of WSNs demand secure communication. The receiver should be able to verify that sensor data is generated by trusted nodes, and/or it may also be necessary to encrypt sensor data in transit. Available IPv6 protocol stacks can use IPsec to secure data exchanges. Thus, it is desirable to extend 6LoWPAN such that IPsec communication with IPv6 nodes is possible. It is beneficial to use IPsec because the existing end-points on the Internet do not need to be modified to communicate securely with the WSN. Moreover, using IPsec, true end-to-end security is implemented and the need for a trustworthy gateway is removed. In this demo we will show the usage of our implemented lightweight IPsec. We will show how IPsec ensures end-to-end security between IP-enabled sensor networks and the traditional Internet. This is the first compressed lightweight design, implementation, and evaluation of a 6LoWPAN extension for IPsec. This demo complements the full paper that will appear in the parent conference, DCOSS’11.

  • 77.
    Raza, Shahid
    et al.
    RISE, Swedish ICT, SICS, Security Lab.
    Keppitiyagama, Chamath
    Voigt, Thiemo
    RISE, Swedish ICT, SICS, Computer Systems Laboratory.
    Security and Privacy in the IPv6-Connected Internet of Things. 2015. In: Securing Cyber-Physical Systems, CRC Press, 2015, 6. Chapter in book (Refereed)
  • 78.
    Raza, Shahid
    et al.
    RISE, Swedish ICT, SICS, Security Lab.
    Misra, Prasant
    RISE, Swedish ICT, SICS. Indian Institute of Science, India.
    He, Zhitao
    RISE, Swedish ICT, SICS, Computer Systems Laboratory.
    Voigt, Thiemo
    RISE, Swedish ICT, SICS, Computer Systems Laboratory.
    Bluetooth Smart: An Enabling Technology for the Internet of Things. 2015. In: 2015 IEEE 11th International Conference on Wireless and Mobile Computing, Networking and Communications (WiMob), 2015, 6, p. 155-162, article id 7347955. Conference paper (Refereed)
    Abstract [en]

    The past couple of years have seen a heightened interest in the Internet of Things (IoT), transcending industry, academia and government. As with new ideas that hold immense potential, the optimism of IoT has also exaggerated the underlying technologies well before they can mature into a sustainable ecosystem. While 6LoWPAN has emerged as a disruptive technology that brings IP capability to networks of resource-constrained devices, a suitable radio technology for this device class is still debatable. In the recent past, Bluetooth Low Energy (LE) - a subset of the Bluetooth v4.0 stack - has surfaced as an appealing alternative that provides a low-power and loosely coupled mechanism for sensor data collection with ubiquitous units (e.g., smartphones and tablets). When Bluetooth 4.0 was first released, it was not targeted at IP-connected devices but at communication between two neighboring peers. However, the latest release, Bluetooth 4.2, offers features that make Bluetooth LE a competitive candidate among the available low-power communication technologies in the IoT space. In this paper, we discuss the novel features of Bluetooth LE and its applicability in 6LoWPAN networks. We also highlight important research questions and pointers for potential improvement for its greater impact.

  • 79.
    Raza, Shahid
    et al.
    RISE, Swedish ICT, SICS, Security Lab.
    Seitz, Ludwig
    RISE, Swedish ICT, SICS.
    Sytenkov, Denis
    RISE, Swedish ICT, SICS.
    Selander, Göran
    Ericsson, Sweden.
    S3K: Scalable Security With Symmetric Keys—DTLS Key Establishment for the Internet of Things. 2016. In: IEEE Transactions on Automation Science and Engineering, ISSN 1545-5955, E-ISSN 1558-3783, Vol. 13, no 3, p. 1270-1280. Article in journal (Refereed)
    Abstract [en]

    DTLS is becoming the de facto standard for communication security in the Internet of Things (IoT). In order to run the DTLS protocol, one needs to establish keys between the communicating devices. The default method of key establishment requires X.509 certificates and a Public Key Infrastructure, an approach which is often too resource consuming for small IoT devices. DTLS also supports the use of preshared keys and raw public keys. These modes are more lightweight, but they are not scalable to a large number of devices.

  • 80.
    Raza, Shahid
    et al.
    RISE, Swedish ICT, SICS, Security Lab.
    Shafagh, Hossein
    RISE, Swedish ICT, SICS.
    Hewage, Kasun
    Hummen, René
    Voigt, Thiemo
    RISE, Swedish ICT, SICS, Computer Systems Laboratory.
    Lithe: Lightweight Secure CoAP for the Internet of Things. 2013. In: IEEE Sensors Journal, Vol. 13, p. 3711-3720. Article in journal (Refereed)
  • 81.
    Raza, Shahid
    et al.
    RISE, Swedish ICT, SICS, Security Lab.
    Slabbert, Adriaan
    Voigt, Thiemo
    RISE, Swedish ICT, SICS, Computer Systems Laboratory.
    Landernäs, Krister
    Security Considerations for the WirelessHART Protocol. 2009. Conference paper (Refereed)
    Abstract [en]

    WirelessHART is a secure and reliable communication standard for industrial process automation. The WirelessHART specifications are well organized in all aspects except security: there are no separate specifications of security requirements or features. Rather, security mechanisms are described throughout the documentation. This hinders implementation of the standard and development of applications since it requires close knowledge of all the core specifications on the part of the developer. In this paper we provide a comprehensive overview of WirelessHART security: we analyze the provided security mechanisms against well known threats in the wireless medium, and propose recommendations to mitigate shortcomings. Furthermore, we elucidate the specifications of the Security Manager, its placement in the network, and interaction with the Network Manager.

  • 82.
    Raza, Shahid
    et al.
    RISE, Swedish ICT, SICS, Security Lab.
    Trabalza, Daniele
    RISE, Swedish ICT, SICS.
    Voigt, Thiemo
    RISE, Swedish ICT, SICS, Computer Systems Laboratory.
    6LoWPAN Compressed DTLS for CoAP. 2012. Conference paper (Refereed)
    Abstract [en]

    Real deployments of the IoT require security. CoAP is being standardized as an application layer protocol for the Internet of Things (IoT). CoAP proposes to use DTLS to provide end-to-end security to protect the IoT. DTLS is a heavyweight protocol and its headers are too long to fit in a single IEEE 802.15.4 MTU. 6LoWPAN provides header compression mechanisms to reduce the size of upper layer headers. 6LoWPAN header compression mechanisms can be used to compress the security headers as well. In this paper we propose 6LoWPAN header compression for DTLS. We link our compressed DTLS with the 6LoWPAN standard using standardized mechanisms. We show that our proposed DTLS compression significantly reduces the number of additional security bits. For example, for the DTLS Record header alone, which is added to every DTLS packet, the number of additional security bits can be reduced by 62%. Our compressed DTLS is the first lightweight 6LoWPAN extension for DTLS.

  • 83.
    Raza, Shahid
    et al.
    RISE, Swedish ICT, SICS, Security Lab.
    Voigt, Thiemo
    RISE, Swedish ICT, SICS, Computer Systems Laboratory.
    Interconnecting WirelessHART and Legacy HART Networks. 2010. Conference paper (Refereed)
    Abstract [en]

    WirelessHART is a novel standardized wireless sensor network protocol for industrial process automation. The WirelessHART protocol is designed with the aim of complementing the HART protocol by providing a wireless extension to it. However, due to the different Physical and Data-link layers, the two protocols are not directly interoperable. WirelessHART is based on IEEE 802.15.4 mesh networks, whereas HART is a 4-20 mA analog wired protocol. Keeping in view the huge installations of HART networks throughout the world, we feel the need to integrate HART and WirelessHART networks, as the WirelessHART standard does not specify the means to securely connect the two networks. In this paper we provide different options to integrate WirelessHART and legacy HART networks. We start integrating the two networks using the Gateway. However, Gateway-based integrations are sometimes not feasible and are insecure. The main contribution of this paper is that we provide a novel and comparatively secure solution to interconnect WirelessHART networks with HART networks. We specify and design a new WirelessHART Integrator that extends the capabilities of the WirelessHART Adapter and provides integration at the network level rather than at the device level only. We also analyze and compare our solution with the Gateway- and Adapter-based solutions.

  • 84.
    Raza, Shahid
    et al.
    RISE, Swedish ICT, SICS, Security Lab.
    Voigt, Thiemo
    RISE, Swedish ICT, SICS, Computer Systems Laboratory.
    Roedig, Utz
    CONET, UK.
    6LoWPAN Extension for IPsec. 2011. Conference paper (Refereed)
    Abstract [en]

    Real-world deployments of wireless sensor networks (WSNs) require secure communication. Recently, WSNs and traditional IP networks are more tightly integrated using IPv6 and 6LoWPAN. Available IPv6 protocol stacks can use IPsec to secure data exchange. Thus, it is desirable to extend 6LoWPAN such that IPsec communication with IPv6 nodes is possible. It is beneficial to use IPsec because the existing end-points on the Internet do not need to be modified to communicate securely with the WSN. We propose a 6LoWPAN extension for IPsec. Our extension supports both IPsec’s Authentication Header (AH) and Encapsulation Security Payload (ESP). Thus, communication endpoints are able to authenticate, encrypt, and check the integrity of messages using standardized and established IPv6 mechanisms.

  • 85.
    Raza, Shahid
    et al.
    RISE, Swedish ICT, SICS, Security Lab.
    Voigt, Thiemo
    RISE, Swedish ICT, SICS, Computer Systems Laboratory.
    Slabbert, Adriaan
    Landernäs, Krister
    Design and Implementation of a Security Manager for WirelessHART Networks. 2009. Conference paper (Refereed)
    Abstract [en]

    WirelessHART is the first open standard for Wireless Sensor Networks designed specifically for industrial process automation and control systems. WirelessHART is a secure protocol; however, it relies on a Security Manager for the management of the security keys and the authentication of new devices. The WirelessHART standard does not provide specifications and design of the Security Manager. Also, the security specifications in the standard are not well organized and are dispersed throughout the standard. The lack of Security Manager design and ambiguous security specifications impede implementation of the standard since it requires close knowledge of all the core specifications on the part of the developer. In this paper we provide the detailed specifications, design, and implementation of the Security Manager for the WirelessHART standard. We evaluate our Security Manager against different cryptographic algorithms and measure the latency between the Network Manager and the Security Manager. Our evaluation shows that the proposed Security Manager meets the WirelessHART requirements. Our analysis shows that the provided Security Manager is capable of securing both the wireless and wired part of the WirelessHART network.

  • 86.
    Raza, Shahid
    et al.
    RISE, Swedish ICT, SICS, Security Lab.
    Voigt, Thiemo
    RISE, Swedish ICT, SICS, Computer Systems Laboratory.
    Vilhelm, Juvik
    RISE, Swedish ICT, SICS.
    Lightweight IKEv2: A Key Management Solution for both Compressed IPsec and IEEE 802.15.4 Security. 2012. Conference paper (Refereed)
  • 87.
    Raza, Shahid
    et al.
    RISE, Swedish ICT, SICS, Security Lab.
    Wallgren, Linus
    RISE, Swedish ICT, SICS.
    Voigt, Thiemo
    RISE, Swedish ICT, SICS, Computer Systems Laboratory.
    SVELTE: Real-time Intrusion Detection in the Internet of Things. 2013. In: Ad Hoc Networks (Elsevier), Vol. 11, p. 2661-2674. Article in journal (Refereed)
  • 88.
    Schwarz, Oliver
    et al.
    RISE, Swedish ICT, SICS, Security Lab. KTH Royal Institute of Technology, Sweden.
    Dam, Mads
    KTH Royal Institute of Technology, Sweden.
    Automatic Derivation of Platform Noninterference Properties. 2016. In: Software Engineering and Formal Methods / [ed] Rocco De Nicola, Eva Kühn, 2016, 8, Vol. 9763, p. 27-44. Conference paper (Refereed)
    Abstract [en]

    For the verification of system software, information flow properties of the instruction set architecture (ISA) are essential. They show how information propagates through the processor, including sometimes opaque control registers. Thus, they can be used to guarantee that user processes cannot infer the state of privileged system components, such as secure partitions. Formal ISA models - for example for the HOL4 theorem prover - have been available for a number of years. However, little work has been published on the formal analysis of these models. In this paper, we present a general framework for proving information flow properties of a number of ISAs automatically, for example for ARM. The analysis is represented in HOL4 using a direct semantical embedding of noninterference, and does not use an explicit type system, in order to (i) minimize the trusted computing base, and to (ii) support a large degree of context-sensitivity, which is needed for the analysis. The framework determines automatically which system components are accessible at a given privilege level, guaranteeing both soundness and accuracy.

  • 89.
    Schwarz, Oliver
    et al.
    RISE, Swedish ICT, SICS, Security Lab.
    Dam, Mads
    KTH Royal Institute of Technology, Sweden.
    Formal Verification of Secure User Mode Device Execution with DMA. 2014. Conference paper (Refereed)
    Abstract [en]

    Separation between processes on top of an operating system or between guests in a virtualized environment is essential for establishing security on modern platforms. A key requirement of the underlying hardware is the ability to support multiple partitions executing on the shared hardware without undue interference. For modern processor architectures - with hardware support for memory management, several modes of operation and I/O interfaces - this is a delicate issue requiring deep analysis at both the instruction set and the processor implementation level. In a first attempt to rigorously answer this type of question, we introduced in previous work an information flow analysis of user program execution on an ARMv7 platform with hardware-supported memory protection, but without I/O. The analysis was performed as a semi-automatic proof search procedure on top of an ARMv7 ISA model implemented in the Cambridge HOL4 theorem prover by Fox et al. The restricted platform functionality, however, makes the analysis of limited practical value. In this paper we add support for devices, including DMA, to the analysis. To this end, we propose an approach to device modeling based on the idea of executing devices nondeterministically in parallel with the (single-core) deterministic processor, covering a fine granularity of interactions between the model components. Based on this model and taking the ARMv7 ISA as an example, we provide HOL4 proofs of several noninterference-oriented isolation properties for a partition executing in the presence of devices which potentially use DMA or interrupts.

  • 90.
    Schwarz, Oliver
    et al.
    RISE, Swedish ICT, SICS, Security Lab.
    Gehrmann, Christian
    RISE, Swedish ICT, SICS, Security Lab.
    Securing DMA through Virtualization. 2012. In: IEEE Conference on Complexity in Engineering, IEEE, 2012, 20. Conference paper (Refereed)
    Abstract [en]

    We present a solution for preventing guests in a virtualized system from using direct memory access (DMA) to access memory regions of other guests. The principles we suggest, and that we have also implemented, are purely based on software and standard hardware. No additional virtualization hardware such as an I/O Memory Management Unit (IOMMU) is needed. Instead, the protection of the DMA controller is realized by means of a common ARM MMU only. Overhead occurs only in pre- and postprocessing of DMA transfers and is limited to a few microseconds. The solution was designed with a focus on security, and the abstract concept of the approach was formally verified.

  • 91.
    Schwarz, Oliver
    et al.
    RISE, Swedish ICT, SICS, Security Lab.
    Gehrmann, Christian
    RISE, Swedish ICT, SICS, Security Lab.
    Do, Viktor
    RISE, Swedish ICT, SICS.
    Affordable Separation on Embedded Platforms: Soft Reboot Enabled Virtualization on a Dual Mode System. 2014. Conference paper (Refereed)
    Abstract [en]

    While security has become important in embedded systems, commodity operating systems often fail to effectively separate processes, mainly due to a trusted computing base that is too large. System virtualization can establish isolation already with a small code base, but many existing embedded CPU architectures have very limited virtualization hardware support, so that the performance impact is often non-negligible. Targeting both security and performance, we investigate an approach in which a few minor hardware additions together with virtualization offer protected execution in embedded systems while still allowing non-virtualized execution when secure services are not needed. Benchmarks of a prototype implementation on an emulated ARM Cortex A8 platform confirm that switching between those two execution forms can be done efficiently.

  • 92.
    Seitz, Ludwig
    et al.
    RISE, Swedish ICT, SICS, Security Lab.
    Rissanen, Eric
    RISE, Swedish ICT, SICS.
    Context dependent revocation in delegated XACML. 2008. Report (Other academic)
    Abstract [en]

    The XACML standard defines an XML-based language for defining access control policies and a related processing model. Recent work aims to add delegation to XACML in order to express the right to administrate XACML policies within XACML itself. The delegation profile draft explains how to validate the right to issue a policy, but there are no provisions for removing a policy. This paper proposes a revocation model for delegated XACML. A novel feature of this model is that whether a revocation is valid or not depends not only on who issued the revocation, but also on the context in which an attempt to use the revoked policy is made.

  • 93.
    Seitz, Ludwig
    et al.
    RISE, Swedish ICT, SICS, Security Lab.
    Rissanen, Erik
    RISE, Swedish ICT, SICS.
    NETCONF access control profile for XACML. 2008. Report (Other academic)
    Abstract [en]

    The NETCONF remote network configuration protocol currently lacks an access control model. The need for such a model has been recognised within the NETCONF working group. The eXtended Access Control Markup Language (XACML) is an XML-based access control standard, with widespread acceptance from the industry and good open-source support. This document proposes a profile that defines how to use XACML to provide fine-grained access control for NETCONF commands.

  • 94.
    Seitz, Ludwig
    et al.
    RISE, Swedish ICT, SICS.
    Selander, Göran
    Gehrmann, Christian
    RISE, Swedish ICT, SICS, Security Lab.
    Authorization Framework for the Internet-of-Things. 2013. Conference paper (Refereed)
    Abstract [en]

    This paper describes a framework that allows fine-grained and flexible access control to connected devices with very limited processing power and memory. We propose a set of security and performance requirements for this setting and derive an authorization framework distributing processing costs between constrained devices and less constrained back-end servers while keeping message exchanges with the constrained devices at a minimum. As a proof of concept we present performance results from a prototype implementing the device part of the framework.

  • 95.
    Sundmark, Ove
    et al.
    Sundmark, Daniel
    RISE, Swedish ICT, SICS. RISE, Swedish ICT, SICS, Security Lab.
    Cedergren, Stefan
    Jackson, Mats
    Performance in the Public Sector - Efficiency and Effectiveness of Payroll Services in Three Municipalities. 2012. Conference paper (Refereed)
  • 96.
    Svensson, Martin
    et al.
    RISE, Swedish ICT, SICS.
    Paladi, Nicolae
    RISE, Swedish ICT, SICS, Security Lab.
    Giustolisi, Rosario
    RISE, Swedish ICT, SICS.
    5G: Towards secure ubiquitous connectivity beyond 2020. 2015. Report (Other academic)
    Abstract [en]

    The growing demand for mobile Internet, and the increasing number of connected devices, have required significant advancements in radio technology and networks compared to the previous generations of mobile telecommunication. Security, however, has only seen incremental changes to the previous mobile telecommunication generation, with enhancements that mitigate new threats and address revealed weaknesses. 5G is expected to change this, as novel use-cases will demand new trust models and require novel security solutions. In this paper, we examine the state of 5G Security, and start by describing the new expectations, requirements and enablers in 5G and the design principles conferred by material presented in selected publications. Furthermore, we describe the historic development of the authentication and key agreement protocols, which were introduced with GSM (2G), as an example of the incremental improvements to security. Additionally, we present select published papers that suggest different types of attacks on the current generations of mobile networks, and solutions to the identified weaknesses, which must be taken into account in 5G security. Finally, we describe a proposed 5G Security architecture, which brings new models for authentication, authorization and accounting (AAA) to 5G. The role of 5G security is clear: it must not only meet the basic security requirements of confidentiality, integrity and privacy, but also foster user confidence in mobile telecommunication.

  • 97.
    Tiloca, Marco
    RISE, Swedish ICT, SICS, Security Lab.
    Efficient Protection of Response Messages in DTLS-Based Secure Multicast Communication. 2014. Conference paper (Refereed)
    Abstract [en]

    DTLS is a standardized security protocol designed to provide end-to-end secure communication between two peers, and is particularly considered for the emerging Internet of Things. In order to protect group communication, the IETF is currently working on a method to secure multicast messages through the same DTLS security services. However, such an approach relies on traditional DTLS sessions to protect unicast responses to multicast messages. This increases the amount of security material stored by group members and can have a relevant impact on network performance. In this paper we propose an extension to the IETF approach which allows group responses to be protected efficiently by reusing the same group key material. Our proposal does not require establishing additional DTLS sessions, thus preserving high communication performance within the group and limiting storage overhead on group members. Furthermore, we discuss a suitable key management policy to provision and renew group key material.

  • 98.
    Tiloca, Marco
    et al.
    RISE, Swedish ICT, SICS, Security Lab.
    De Guglielmo, Domenico
    University of Pisa, Italy.
    Dini, Gianluca
    University of Pisa, Italy.
    Anastasi, Giuseppe
    University of Pisa, Italy.
    Das, Sajal Kumar
    Missouri University of Science and Technology, US.
    JAMMY: a Distributed and Dynamic Solution to Selective Jamming Attack in TDMA WSNs, 2015. In: IEEE Transactions on Dependable and Secure Computing, ISSN 1545-5971, E-ISSN 1941-0018, Vol. 14, no 4, p. 392-405. Article in journal (Refereed)
    Abstract [en]

    Time Division Multiple Access (TDMA) is often used in Wireless Sensor Networks (WSNs), especially for critical applications, as it provides high energy efficiency, guaranteed bandwidth, bounded and predictable latency, and absence of collisions. However, TDMA is vulnerable to selective jamming attacks. In TDMA transmission, slots are typically pre-allocated to sensor nodes, and each slot is used by the same node for a number of consecutive superframes. Hence, an adversary could thwart a victim node's communication by simply jamming its slot(s). Such an attack turns out to be effective, energy efficient, and extremely difficult to detect. In this paper, we present JAMMY, a distributed and dynamic solution to selective jamming in TDMA-based WSNs. Unlike traditional approaches, JAMMY changes the slot utilization pattern at every superframe, thus making it unpredictable to the adversary. JAMMY is decentralized, as sensor nodes determine the next slot utilization pattern in a distributed and autonomous way. Results from performance analysis of the proposed solution show that JAMMY introduces negligible overhead yet allows multiple nodes to join the network in a limited number of superframes.

  • 99.
    Tiloca, Marco
    et al.
    RISE, Swedish ICT, SICS, Security Lab.
    Dini, Gianluca
    University of Pisa, Italy.
    GREP: a Group REkeying Protocol Based on Member Join History, 2016. In: 2016 IEEE Symposium on Computers and Communication (ISCC), IEEE, 2016, 9, p. 326-333, article id 7543761. Conference paper (Refereed)
    Abstract [en]

    This paper presents GREP, a highly scalable and efficient group rekeying protocol with the following merits. First, it rekeys the group with only two messages, introducing an overhead which is small, constant, and independent of the group size. Second, GREP considers collusion as a first-class attack. Third, GREP efficiently recovers the group from a collusion attack without recourse to a total member reinitialization. The recovery cost grows smoothly with the group size, and increases gradually with the attack severity. GREP achieves these results by organizing nodes into logical subgroups and exploiting the history of node joining events. This allows GREP to establish a total ordering among subgroups and among nodes in each subgroup, thus making collusion recovery highly scalable and efficient. We evaluate performance from several standpoints, and show that GREP is deployable in large-scale networks of customary, even resource-constrained, platforms.

  • 100.
    Tiloca, Marco
    et al.
    RISE, Swedish ICT, SICS, Security Lab.
    Gehrmann, Christian
    RISE, Swedish ICT, SICS, Security Lab.
    Seitz, Ludwig
    RISE - Research Institutes of Sweden, ICT, SICS.
    On improving resistance to Denial of Service and key provisioning scalability of the DTLS handshake, 2017. In: International Journal of Information Security, ISSN 1615-5262, E-ISSN 1615-5270, Vol. 16, no 2, p. 173-193. Article in journal (Refereed)
    Abstract [en]

    DTLS is a transport layer security protocol designed to provide secure communication over unreliable datagram protocols. Before starting to communicate, a DTLS client and server perform a specific handshake in order to establish a secure session and agree on a common security context. However, the DTLS handshake is affected by two relevant issues. First, the DTLS server is vulnerable to a specific Denial of Service (DoS) attack aimed at forcing the establishment of several half-open sessions. This may exhaust memory and network resources on the server, making it less responsive or even unavailable to legitimate clients. Second, although it is one of the most efficient key provisioning approaches adopted in DTLS, the pre-shared key provisioning mode does not scale well with the number of clients: it may result in scalability issues on the server side, and it complicates key re-provisioning in dynamic scenarios. This paper presents a single and efficient security architecture which addresses both issues, by substantially limiting the impact of DoS and reducing the number of keys stored on the server side to one unit only. Our approach does not break the existing standard and does not require any additional message exchange between DTLS client and server. Our experimental results show that our approach requires a shorter amount of time to complete a handshake execution and consistently reduces the time a DTLS server is exposed to a DoS instance. We also show that it considerably improves a DTLS server in terms of service availability and robustness against DoS attacks.
